Stopping vbs or other scripts

Hi all, I posted a wish-list item HERE.

In it I describe how it would be nice if ProcessGuard could allow or deny scripts running from cscript, wscript, or cmd. I request this control because I need to allow these processes to run, but I dont want a malicious vbs file running also. Since ProcessGuard would allow cscript to run, then that malicious code would run too.

Well, what I wanted to open to the discusion is the idea that there is this Bugware Tax anymore, and I am sick of paying it. I was doing days and days of research and testing of ways to protect a system. There is NO ONE solution out there that works and is not completely bloated, and does not require constant paid updates. And then it dawned on me! If I could just stop ALL UNWANTED CODE from running, I would be set! Then I found Process Guard! Yahoo! I was excited until I realized that scripts could run still.

You see, to me, the biggest problem we have is that there seems to be an endless downward spiral of security problems anymore. If we can just control the code running on our systems, it wouldnt have to be that way. ProcessGuard is the coolest thing I have seen and I congratulate DiamondCS on such a great product. Is it unreasonable that this feature be included in ProcessGuard?

What do you all think? And are some of you thinking the same thing I am? (probably you are because that's why we are using ProcessGuard?)

Thank everyone!

 

Hi,

To be honest, there's an other product called Viguard who have the ability to intercept some files' extensions like vbs and others various scripts.
But he is for advanced users and more intended to firms and enterprises.

With this one, PG is surely the best softs to prevent usuals infections .

But as i said, there's no software who could protect against all attacks (web applications like Cross Site Scripting or SQL injection, network attacks like DDOS or DNS/TCP Spoofing, Buffer Overflow and others script and moble codes attacks).

A solution is to add some others softs with PG:

***To answer to your wish (script ...), you can use these free tools to intercept dangerous extensions:

*ScriptSentry(from jason-toolbox site),

*ScriptDefender:

http://www.analogx.com/contents/download/system/sdefend.htm

*ScripTrap : http://keir.net/scriptrap.html

***To increase the security with PG:

*A firewall Apllication,

*An Intrusion Prevention System,

*A registry/service/process monitoring tool,

*An integrity checker with a real time change detection( SHA-1 minimum)

*A strong Sandbox (SHA-1 Hashes/algorithm)

(.................)

Regards

 

As far as preventing running of unauthorized code, there are two other approaches you could use.

1) Login as a Limited User which will prevent a lot of stuff from installing / running. See this thread for more pros/cons:

http://www.dslreports.com/forum/remark,12255189~mode=flat~days=9999

2) Use PrevX to prevent scripts, etc. in vulnerable folders from running (paid Pro version needed to stop all script versions is about US $ 20). See:

http://www.prevx.com/

 

I appreciate your advice.

But, it doing what you guys suggest is exactly what I dont want to do. The point is, if ProcessGuard is "software to guard against unwanted processes", then why shouldn't it guard against unwanted script processes?

I understand there are other packages available to compliment PG, but the root of the bugware problem is that processes can run without your knowledge, and if PG could prevent *all* unwanted processes you wouldnt need all the other packages. Right?

I also have run Prevx, and I didnt like it. It was too slow. Which is why I am picking on PG, it is 90% there, to being the perfect solution. IMHO.

I guess my main question to everyone is this: If you can stop or control ALL processes on your system, do you really need all the other bugware software running?

I dont think so. I am not talking about privacy here, I know running only PG wouldnt do it. I am talking about keeping the bugs off your system, which would keep out most privacy problems anyway.

 

Hi ReTheOff,

This may be what you are looking for: Using Software Restriction Policies to Protect Against Unauthorized Software. I would take a look at using path rules for trusted scripts rather than attempting to digitally sign your scripts.

Nick

 

You know what, that actually might be a really great option. What I did was create a the Software Restriction Policy and set it to default to Dissallow, but then removed ALL of what is considered executable, and then added only vbs, wsf, js, cmd, and bat files. And last, I added a Path rule to allow only from a specific location and filename. Now NO SCRIPT can run unless it has a certain name and path. NICE!

So I can use ProcessGuard to protect all the processes normally (which is very easy, and a lot easier than this M$ option), and I can allow wscript.exe to run, but NO SCRIPTS can run unless the policy is met. And I dont need a virus scanner! Very cool! Thanks for the tip, I never thought of using Local Policies.